I'm currently running a LRP packet filtering router (aka firewall) and I'd like to switch to the SuSE firewall. On the LRP box I use the same IP address on both ethernet interfaces (a bit of a hack, I know), and I'd like to do the same thing on a SuSE box. The net is half of a class C, e.g., 10.20.30.128 to 10.20.30.255 (using a phony netnumber as an example.) The default route is 10.20.30.254. The untrusted net is eth0, the trusted net is eth1. Or, pictorially, it looks like this: world--10.20.30.254----10.20.30.253 | eth0 | LRP box | eth1 | 10.20.30.253---Local_LAN Buried in the LRP network configuration script are these routing commands, issued when the interfaces are brought up: ip route del 10.20.30.128/25 dev eth0 ip route add 10.20.30.254 via 10.20.30.253 dev eth0 Can a similar setup be used with SuSEfirewall2? If so, where would be the proper place for the routing hack to make it work? /john -- inet: john@wilkes.com | addr: 321 High School Rd. NE #367 | "The man who views the world at 50 the city: Bainbridge Island, Washington | same as he did at 20 has wasted 30 code: 98110-1697 | years of his life." icbm: 47 37 48 N / 122 29 52 W | - Muhammad Ali